Defining Permissions

Former Member — Tue, 04 Aug 2020 21:33:53 GMT

Current Revision posted to Developer Training by Former Member on 08/04/2020 21:33:53

Permissions can be granted to site, group and application levels to control access to each area of the community. The platform allows you to create and define your own set of permissions. These permissions contain default configurations and can be later configured by a group owner or administrator.

[toc]

Why Should I Create Permissions?

When creating a solution that requires the platform to grant or restrict access to users on a site, group, or application level, then an [[api-documentation:IPermissionRegistrar Plugin Type|IPermissionRegistar]] can be implemented.

Creating a Permission

To add support for creating permissions you need to implement the [[api-documentation:IPermissionRegistrar Plugin Type|IPermissionRegistar]] interface. The [[api-documentation:IPermissionRegistrar Plugin Type|IPermissionRegistrar]] must be implemented along with the [[api-documentation:IPermission Plugin Supplementary Type|IPermission]] interface and is defined in the Telligent.Evolution.Extensibility.Security.Version1 namespace of Telligent.Evolution.Core.dll.

using System;
using Telligent.Evolution.Api.Content;
using Telligent.Evolution.Extensibility.Security.Version1;

namespace Samples
{
    public class SamplePermissions : IPermissionRegistrar
    {
        #region IPlugin

        //...

        #endregion

        #region IPermissionRegistrar

        //...

        #endregion
    }

    public class SamplePermission : IPermission
    {
        //...
    }
}

Setup the RegisterPermissions method and begin by generating a new Guid for the permission ID. If creating a custom application make sure the application ID matches the one that was created. In this sample a generic ID was applied. Select a meaningful name and description. Then determine the default configuration by creating a new [[api-documentation:PermissionConfiguration Plugin Supplementary Type|PermissionConfiguration]].

The [[api-documentation:PermissionConfiguration Plugin Supplementary Type|PermissionConfiguration]] sets the default configuration that is applied to each group type. Default permissions are automatically setup when the plugin is enabled. The group types are configured by implementing [[api-documentation:JoinlessGroupPermissionConfiguration Plugin Supplementary Type|JoinlessGroupPermissionConfiguration]] for Joinless groups and [[api-documentation:MembershipGroupPermissionConfiguration Plugin Supplementary Type|MembershipGroupPermissionConfiguration]] for all other group types. A Boolean value will determine if the Everyone, Managers, Members, Owners and RegisteredUsers roles will be assigned your permission.

public void RegisterPermissions(IPermissionRegistrarController permissionController)
{
    permissionController.Register(new SamplePermission(
        new Guid("29547B66-9D04-4659-A010-5A861A0CBFCC"),
        "Create Content",
        "Enables users to create content.",
        ContentTypes.GenericContent,
        new PermissionConfiguration
        {
            Joinless = new JoinlessGroupPermissionConfiguration { Administrators = true, Owners = true },
            PublicOpen = new MembershipGroupPermissionConfiguration { Owners = true },
            PublicClosed = new MembershipGroupPermissionConfiguration { Owners = true },
            PrivateListed = new MembershipGroupPermissionConfiguration { Owners = true },
            PrivateUnlisted = new MembershipGroupPermissionConfiguration { Owners = true },
        }));

        //Register more permissions
}

To register a permission an [[api-documentation:IPermission Plugin Supplementary Type|IPermission]] needs to be implemented. A Guid ID is a unique for each permission. Select a name and description that describes the permission you are creating. An applicationTypeId is an ID from a predefined application. Finally the [[api-documentation:PermissionConfiguration Plugin Supplementary Type|PermissionConfiguration]] is the default configuration for the permission mentioned earlier.

public class SamplePermission : IPermission
{
    public SamplePermission(Guid id, string name, string description, Guid applicationTypeId, PermissionConfiguration defaultConfiguration)
    {
        Id = id;
        Name = name;
        Description = description;
        ApplicationTypeId = applicationTypeId;
        DefaultConfiguration = defaultConfiguration;
    }

    public Guid Id { get; private set; }
    public string Name { get; private set; }
    public string Description { get; private set; }
    public Guid ApplicationTypeId { get; private set; }
    public PermissionConfiguration DefaultConfiguration { get; private set; }
}

Here is the complete sample.

community.telligent.com/.../SamplePermissions_2E00_cs

This is how the permission are displayed in the group administration panel under Manage Group > Permissions > {Site/Group Role Tab} > {Role}.

Fine tuning permissions

There are times when granting permissions isn't "all or nothing". For example, in an out-of-the-box installation, a user is allowed to edit their own forum posts, but only for a limited time. With a simple permission, the forum application would have to either grant the user the ability to edit all forum posts at all times or never edit any forum posts at any time. The ILogicPermission interface is the solution for this type of scenario.

This sample uses a Func<> delegate to represent the IsGranted method. This allows your implementation of the [[api-documentation:IPermissionRegistrar Plugin Type|IPermissionRegistrar]] to have control of the ILogicPermission implementation.

public class SampleLogicPermission : SamplePermission, ILogicPermission
{
    private readonly Func<User, IContent, bool, bool> _isGrantedFunction;

    public SampleLogicPermission(Guid id, string name, string description, Guid applicationTypeId, PermissionConfiguration defaultConfiguration) 
        : base(id, name, description, applicationTypeId, defaultConfiguration) { }

    public bool IsGranted(User user, IContent content, bool isGrantedBySystem)
    {
        return _isGrantedFunction(user, content, isGrantedBySystem);
    }
}

Tags: IPermissionRegistrar, permissions